Restrict Lasso AJAX-file calls to the intended web page

Suppose you have a nice setup where a page interacts with the server via AJAX-calls and executes a Lasso file on the server to get some data. You don't want this file to be called directly via the URL-bar in a web browser, or via other self-made web pages by others who try to access it via a copy of your page. Anybody can see which AJAX-files your page is calling, so for some it is always a challenge to execute them outside the normal webpage to see what data will come up. Might be of interest! So you want to prevent that, somehow.

There is a Lasso-tag called referrer_url, which returns a string containing the URL that requested your AJAX-page. If you look into this string for a domain name or a path that only you have, you can block execution if the requestor is not coming from your server. When a page is called directly in the browser, the referrer_url is always an empty string. Which is logical, since the page was not referred to by another page.

Suppose I have a page mypage.html with a jQuery auto-complete implementation in it. This auto-complete can of course be used by more than one page and you do not want people to try it out in other ways.......<input type="text" id="inp1" size="25"><span id="desc1"></span>......<script>$(document).ready(function() { $("#inp1").autocomplete({minLength:2, source: "ajax.lasso?p1=a&p2=b", select: function(e,u) { $("#inp1").val(u.item.value); $("#desc1").html((u.item.label).replace("(" + u.item.value + ")", "")); return false; } });});</script>

So this gives you some protection from just try something-users. Add a login-system, which restricts the number of users that might want to hack your pages - you can trace their actions on your site. In that case, add a check if the user is logged in. You must execute your complete login-sequence in your AJAX-pages too, as with 'normal' pages, since the xhttprequest is a normal HTTP request and thus the browser sends the same HTTP-headers and cookies, etc.. to your AJAX-page.

Use Flot graphing library with Lasso Professional

I have created a quick example on how to create a graph with Flot and Lasso Professional. Flot is a really cool graphing library and Lasso is a cool programming language. Together, they create a great graph!